Team Lead - Data & Security Compliance at Xero

Cyber Security Engineering, Permanent, Melbourne, AU
Description
Posted 6 days ago

Our Purpose
At Xero, we’re here to make running a business beautiful. By making small business more efficient every day, connecting them with big business technology and empowering a community behind them, their potential is limitless. When that happens, we’re not only helping small business, we’ll be building a stronger economy that can change the world.

How you’ll make an impact
The Team Lead - Data and Security Compliance will lead a team of Data and Security Compliance specialists in working with all parts of the business to improve Xero’s data & security compliance posture, helping to reduce the risk of security incidents through the improvement of the efficiency and effectiveness of Xero’s data and security controls.

What you'll do

  • Lead a data and security compliance management team.
  • Assess data and security compliance requirements across all areas of Xero’s business, including product, platform, and third-party software and services, to ensure these are well understood and managed.
  • Ensure security compliance obligations, both internally defined and externally regulated, are understood and met across Xero.
  • Maintain the Xero information security management framework. Ensure that security policy and standards keep pace with the changing threat and compliance landscape, and are approved and communicated across Xero.
  • Engage and manage service providers delivering services and capabilities related to Xero’s data and security compliance practice.
  • Maintain a comprehensive program of automated and manual data & security testing across Xero products.
  • Assist in the development and delivery of security awareness materials and training to Xero staff.
  • Respond to customer and supplier security assessments.
  • Provide measurement and reporting of Xero’s compliance position suitable for various levels of Xero’s leadership.
  • Work with all areas of Xero’s business to ensure they have business continuity plans in place and these are regularly tested and maintained.
  • Coach and mentor each of your direct reports to help them become the best versions of themselves they can be, using a variety of techniques which may include performance feedback and career development.
  • Spend a proportion of your time on people-focused tasks including recruitment, leave management, performance reviews, training and development.
  • Mentor product team members from other disciplines on data and security awareness and on compliance concerns as a key consideration of product development.

Success looks like

  • All changes to Xero’s product and corporate infrastructure are in compliance with the IT Security Policy and standards and meet Xero’s compliance obligations.
  • Security assessments are completed and documented for all new third-party software and technology services before Xero uses them.
  • Audits and other compliance assessment activities are completed successfully, and compliance is maintained with required standards.
  • Business Continuity Plans are developed, maintained and tested to an agreed schedule.
  • Security policy and standards are maintained to address current risks and compliance requirements.
  • Your team works collaboratively to ensure agreed objectives for operational performance are met, and continues to improve the way the service is operated and monitored.
  • High performing, highly engaged staff.

Critical Competencies

  • Able to lead and mentor a diverse and geographically dispersed team to meet organisational goals.
  • Takes a business focused and pragmatic approach to data and security compliance.
  • Ability to lead and work as part of a team and able to take pride and ownership in their work.
  • Has initiative and a passion for all things security and a willingness to go the extra mile.
  • Excellent stakeholder management.
  • Able to effectively communicate to a wide range of people.
  • Creates an environment in which the team will thrive and excel.
  • Creates a collaborative environment and empowers others.
  • An innovative and positive team player with a “can do” attitude.
  • Is someone people like working for and who acknowledges and rewards excellence.
  • Fast learner, detail oriented, decisive, and enjoys fast paced work environments.

Experience

  • 5+ years in a role in an information security and compliance management practice.
  • 5+ years in a role in a data compliance management practice.
  • Experience implementing risk management and information management security frameworks.
  • Proven experience in developing and maintaining a highly motivated team of individuals.
  • Recognised as a technical lead or the senior contributor in your team.

What we value

We Make it Xero

  • We make it beautiful
  • We make it happen
  • We make it human
  • We make it together